Finance Index
What is positive pay and how does it prevent check fraud?
Reference guide to positive pay bank controls, including payment timing, method choices, control points, reconciliation, and vendor communication.
Positive pay is a bank fraud-control service: you send the bank a daily file of issued checks (check number, amount, and payee for payee positive pay), and the bank pays only items that match. Anything that doesn't match - altered amount, washed payee, counterfeit serial number - becomes an exception you must decision before the bank pays or returns it.
At a Glance
| Aspect | Short Answer | Why It Matters |
|---|---|---|
| Positive pay | Positive pay is a bank fraud-control service: you send the bank a daily file of issued checks (check number, amount, and payee for payee positive pay), and the bank pays only items that match. | Keeps evidence clear and reduces control risk. |
| Payment impact | Basic positive pay matches check number and amount, so it catches counterfeits and altered amounts but misses check washing where a fraudster keeps the amount and changes the payee. | Reduces payment errors, timing issues, and reconciliation cleanup. |
| There an equivalent for ACH | Yes - ACH positive pay (often delivered through ACH debit filters and blocks) lets you control which originators may debit your accounts. | Keeps evidence clear and reduces control risk. |
| Exception handling | Your bank provides the issued-check file spec (fixed-width or CSV), a delivery method (portal upload or transmission), and a daily exception-decision deadline; map your payment system's check register to the spec and automate the daily send. | Reduces payment errors, timing issues, and reconciliation cleanup. |
| A positive pay exception | A mismatch between a presented check and your issued file; banks give a same-day window (often by 10 - 11 a.m. | Reduces payment errors, timing issues, and reconciliation cleanup. |
Why is plain positive pay no longer enough?
Basic positive pay matches check number and amount, so it catches counterfeits and altered amounts but misses check washing where a fraudster keeps the amount and changes the payee. Payee positive pay adds payee-name matching, closing that gap. Given that check washing is now the dominant check-fraud vector, payee positive pay (plus an ACH equivalent) should be considered the baseline, not an upgrade.
Is there an equivalent for ACH?
Yes - ACH positive pay (often delivered through ACH debit filters and blocks) lets you control which originators may debit your accounts. It's the outbound-disbursement-account control that complements check positive pay: you decide which company IDs are authorized to pull, and everything else is blocked or held for decision.
How do I set up positive pay with my bank - file format, delivery, exception window?
Your bank provides the issued-check file spec (fixed-width or CSV), a delivery method (portal upload or transmission), and a daily exception-decision deadline; map your payment system's check register to the spec and automate the daily send.
What is a positive pay exception and how fast must we decision it?
A mismatch between a presented check and your issued file; banks give a same-day window (often by 10 - 11 a.m. local) to pay or return, after which a default rule applies - miss it and the bank acts on the default.
A legitimate vendor check keeps triggering payee-name exceptions - how do I fix the data?
Standardize the payee name in your vendor master to match how checks print (legal name vs DBA, punctuation, "Inc." vs "Incorporated"), since payee positive pay matches strings; fixing the master fixes the recurring exception.
What is reverse positive pay and when would a company choose it?
The bank sends you the list of presented checks and you flag which to pay (default-pay on no response); it shifts the matching burden to you and is weaker than standard positive pay - chosen mainly by small shops without issued-file automation.
Should positive pay be default-return or default-pay on missed exception windows?
Default-return is the safer setting - an unrecognized item that slips through unreviewed should not clear; reserve default-pay only where missed-window risk to legitimate vendors outweighs fraud risk, which is rarely.
What does positive pay cost and is it worth it for 100 checks a month?
Typically a modest monthly fee plus a small per-item charge; even at low volume it's worth it given a single washed check can exceed a year of fees - though the better long-run answer is converting those 100 checks to electronic.
How do voids and reissues get communicated to the positive pay file so the old check can't clear?
The void must remove the original from the issued-check list (or mark it void/stop) in the next file, and the reissue must be added as a new item - if your void event doesn't flow to the positive pay file, the stopped check can still match and clear.
Stampli perspective
Positive pay is a bank-side control, not a Stampli feature - but Stampli keeps the upstream data clean that makes it work: accurate payee and address data, void-and-reissue handled as one linked event so stale items can be excluded, and a complete payment record per check so the issued-check file you send the bank reflects reality.